SecurityWeek reports that Amazon Web Services has issued updates to resolve an Amazon Relational Database Service (RDS) vulnerability that could be exploited to leak internal credentials.
The Amazon RDS flaw was discovered by Lightspin researcher Gafnit Amiga in the Aurora PostgreSQL engine's "log_fdw" extension, which provides a SQL interface for accessing database engine logs and creating foreign tables. Threat actors could leverage the flaw to bypass the log_fdw extension's validation and access files containing internal credentials, as well as other system files, according to Amiga, who reported the flaw last December. However, AWS stressed that the exposed credentials could not be leveraged to impact other customers or clusters. "No cross-customer or cross-cluster access was possible; however, highly privileged local database users who could exercise this issue could potentially have gained additional access to data hosted in their cluster or read files within the operating system of the underlying host running their database," said AWS.